Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS39521.roa
File: AS39521.roa (raw, json)
Hash identifier: +9Nx6ndRhH2tA03+i3zoBZb1JQDnFSJ3XoiVpIS9rg4=
Subject key identifier: 75:D9:10:4B:F7:EF:53:CD:92:BA:B6:5E:9C:27:D8:66:30:88:5E:73
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 1D1D0319E63A0EA5B0D4AB10F80B8B18DC877457
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS39521.roa
Signing time: Wed 28 May 2025 00:02:29 +0000
ROA not before: Tue 27 May 2025 23:57:29 +0000
ROA not after: Wed 27 May 2026 00:02:29 +0000
asID: 39521
IP address blocks: 82.21.53.0/24 maxlen: 24
82.21.58.0/24 maxlen: 24
82.21.72.0/24 maxlen: 24
82.21.84.0/24 maxlen: 24
82.21.112.0/24 maxlen: 24
82.21.116.0/24 maxlen: 24
82.21.126.0/24 maxlen: 24
82.21.165.0/24 maxlen: 24
82.22.143.0/24 maxlen: 24
82.22.145.0/24 maxlen: 24
82.22.146.0/24 maxlen: 24
82.22.157.0/24 maxlen: 24
82.22.160.0/24 maxlen: 24
82.22.162.0/24 maxlen: 24
82.22.167.0/24 maxlen: 24
82.22.186.0/24 maxlen: 24
82.22.193.0/24 maxlen: 24
82.23.173.0/24 maxlen: 24
82.23.188.0/24 maxlen: 24
82.23.191.0/24 maxlen: 24
82.25.145.0/24 maxlen: 24
82.25.175.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 07 Jun 2025 15:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1d:1d:03:19:e6:3a:0e:a5:b0:d4:ab:10:f8:0b:8b:18:dc:87:74:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: May 27 23:57:29 2025 GMT
Not After : May 27 00:02:29 2026 GMT
Subject: CN=75D9104BF7EF53CD92BAB65E9C27D86630885E73
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:52:75:5a:e1:ed:58:75:ea:6d:35:56:d1:c2:
78:b7:45:2b:fd:97:bf:91:57:8d:8c:a3:6d:7c:d7:
88:95:ba:6d:f2:30:2d:63:b4:f0:e7:96:0a:75:49:
83:95:c3:2f:e3:86:fb:fd:62:d0:aa:08:de:a0:c5:
6f:6c:82:34:cf:d1:d5:84:cb:b9:ad:c8:18:fd:7a:
12:13:fa:61:b7:59:cb:9e:3d:89:ee:19:4e:95:94:
72:2a:46:d8:54:42:b4:53:99:fa:de:fc:cd:b8:0b:
d1:25:a9:87:0c:b2:6e:11:42:65:86:8e:d0:eb:7d:
7d:fc:03:1f:31:29:25:a8:6e:f7:31:23:3d:ca:b9:
96:16:30:c1:ac:08:9b:60:c4:d3:7c:a7:de:4c:e9:
dc:77:4c:45:aa:13:9a:28:ca:ca:15:d5:68:5f:1c:
a7:c2:21:09:e7:bf:77:c6:2e:65:25:5c:f9:c5:7e:
b4:70:c6:29:e2:dc:ed:91:46:67:06:c3:91:54:23:
e6:eb:f0:50:7e:7a:d3:62:3e:4c:93:ae:eb:97:17:
22:41:35:82:21:1c:8a:a2:b8:d7:f6:01:df:f7:02:
ed:f5:f4:bb:79:08:73:34:39:0f:5f:4c:4c:a0:a8:
f7:7b:c2:09:df:61:da:3f:28:61:a3:55:2e:b7:1a:
4f:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:D9:10:4B:F7:EF:53:CD:92:BA:B6:5E:9C:27:D8:66:30:88:5E:73
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS39521.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.53.0/24
82.21.58.0/24
82.21.72.0/24
82.21.84.0/24
82.21.112.0/24
82.21.116.0/24
82.21.126.0/24
82.21.165.0/24
82.22.143.0/24
82.22.145.0-82.22.146.255
82.22.157.0/24
82.22.160.0/24
82.22.162.0/24
82.22.167.0/24
82.22.186.0/24
82.22.193.0/24
82.23.173.0/24
82.23.188.0/24
82.23.191.0/24
82.25.145.0/24
82.25.175.0/24
Signature Algorithm: sha256WithRSAEncryption
a1:8f:c6:63:a7:f6:4f:6f:7e:e9:10:71:2f:eb:5b:af:35:54:
a4:d3:5d:a6:e2:3c:60:63:7c:c0:d0:13:3e:15:b7:0c:77:1c:
b8:32:a0:49:bd:1c:85:e5:33:35:b3:73:75:cd:70:d0:ae:19:
4e:68:d9:60:2a:1c:2c:0f:35:0d:aa:f8:9d:88:5c:88:d2:ed:
65:f8:1a:aa:d8:65:fc:f6:6c:39:de:e4:c8:20:b5:99:80:47:
38:c8:c1:8b:8a:c2:52:27:6d:ed:0f:d6:6a:ac:78:c9:31:cd:
b1:bf:c5:e9:04:0e:3b:71:4f:cd:db:fd:4a:02:95:0d:5e:ef:
fa:bc:8f:46:25:9b:b8:9b:f1:7e:16:c7:c6:9b:22:89:a5:aa:
0f:ab:fc:36:4e:31:aa:1e:c3:3a:34:ac:4d:36:c0:e7:83:54:
21:a1:19:21:ad:53:54:17:90:10:f9:2a:2c:a9:c0:49:06:88:
0a:ec:fd:7a:38:49:0c:59:35:e0:84:c5:85:9c:04:a9:11:02:
0b:b9:78:9c:59:06:a8:52:11:1e:53:ca:03:d9:63:4d:6a:31:
fb:b6:f7:79:fc:c7:91:08:bb:35:37:8d:32:7a:86:d0:11:fc:
3e:22:96:6f:a0:e6:ef:48:a9:a7:af:2c:7a:24:2b:1c:94:e1:
5b:58:a3:d2
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIUHR0DGeY6DqWw1KsQ+AuLGNyHdFcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MjcyMzU3MjlaFw0yNjA1MjcwMDAyMjlaMDMxMTAvBgNV
BAMTKDc1RDkxMDRCRjdFRjUzQ0Q5MkJBQjY1RTlDMjdEODY2MzA4ODVFNzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0UnVa4e1YdeptNVbRwni3RSv9
l7+RV42Mo21814iVum3yMC1jtPDnlgp1SYOVwy/jhvv9YtCqCN6gxW9sgjTP0dWE
y7mtyBj9ehIT+mG3WcuePYnuGU6VlHIqRthUQrRTmfre/M24C9ElqYcMsm4RQmWG
jtDrfX38Ax8xKSWobvcxIz3KuZYWMMGsCJtgxNN8p95M6dx3TEWqE5ooysoV1Whf
HKfCIQnnv3fGLmUlXPnFfrRwxini3O2RRmcGw5FUI+br8FB+etNiPkyTruuXFyJB
NYIhHIqiuNf2Ad/3Au319Lt5CHM0OQ9fTEygqPd7wgnfYdo/KGGjVS63Gk8HAgMB
AAGjggKOMIICijAdBgNVHQ4EFgQUddkQS/fvU82SurZenCfYZjCIXnMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzk1MjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgaMGCCsGAQUFBwEHAQH/BIGTMIGQMIGNBAIAATCBhgME
AFIVNQMEAFIVOgMEAFIVSAMEAFIVVAMEAFIVcAMEAFIVdAMEAFIVfgMEAFIVpQME
AFIWjzAMAwQAUhaRAwQAUhaSAwQAUhadAwQAUhagAwQAUhaiAwQAUhanAwQAUha6
AwQAUhbBAwQAUhetAwQAUhe8AwQAUhe/AwQAUhmRAwQAUhmvMA0GCSqGSIb3DQEB
CwUAA4IBAQChj8Zjp/ZPb37pEHEv61uvNVSk012m4jxgY3zA0BM+FbcMdxy4MqBJ
vRyF5TM1s3N1zXDQrhlOaNlgKhwsDzUNqvidiFyI0u1l+Bqq2GX89mw53uTIILWZ
gEc4yMGLisJSJ23tD9ZqrHjJMc2xv8XpBA47cU/N2/1KApUNXu/6vI9GJZu4m/F+
FsfGmyKJpaoPq/w2TjGqHsM6NKxNNsDng1QhoRkhrVNUF5AQ+SosqcBJBogK7P16
OEkMWTXghMWFnASpEQILuXicWQaoUhEeU8oD2WNNajH7tvd5/MeRCLs1N40yeobQ
Efw+IpZvoObvSKmnryx6JCsclOFbWKPS
-----END CERTIFICATE-----
Generated at Fri Jun 6 21:54:14 2025 by rpki-client